Re: Squid is not pleased (its looping) [DoS ATTACK?]

From: Jacob Suter <[email protected]>
Date: Sat, 04 Apr 1998 11:56:36 -0600

Well I have fixed it thanks to some advice from Hendrik Nordstrom. I
just changed the operation port back to 3128. For others out there that
are having this problem just remember to leave the HTTP accelerator port
on *80* and change the http-port to 3128.

Although I have noticed in this new config I am using 20-30% more CPU
usage per hit off my local web server, but hey, as long as it's stable I
don't care, I'll get a faster server :)

Thanks guys!

JS

ps - still, anti-looping protection would be a good thing, if nothing
more than causing squid to restart and make a lot of syslog noise.

John D. Hardin wrote:
>
> > 891037287.992 122613 206.136.25.197 TCP_MISS/504 995 GET http://127.0.0.1/~jbarta/idiot/idiot.html - DIRECT/127.0.0.1 -
> > 891037288.002 122502 127.0.0.1 TCP_MISS/504 241 GET http://127.0.0.1/~jbarta/idiot/idiot.html - DIRECT/127.0.0.1 -
> > 891037288.002 122489 127.0.0.1 TCP_MISS/504 241 GET http://127.0.0.1/~jbarta/idiot/idiot.html - DIRECT/127.0.0.1 -
> >
> > (this repeats a few thousand times until I go kill -9 squid and ipnat
> > -F.)
>
> I don't think setting up your firewall to discard traffic to/from 127.0.0.1 is
> going to help fix this, as it looks like a perfectly valid URL for 127.0.0.1 is
> being requested by the client via a perfectly valid HTTP session.
>
> Try using ACLs to deny any requests for 127.0.0.1 - which should prevent Squid
> from trying to request a file from itself.
>
> Perhaps:
>
> acl LOOPBACK dst 127.0.0.0/255.0.0.0
> http_access deny LOOPBACK
>
> A Squid DoS attack! Sounds like a patch is needed. Let's fix this before
> somebody tells bugtraq... :)
>
> --
> John Hardin KA7OHZ jhardin@wolfenet.com
> pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
> PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
> -----------------------------------------------------------------------
> 1 day until Daylight Savings Time begins
Received on Sat Apr 04 1998 - 09:49:13 MST
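
The following is an added example, not part of the original thread or of Squid itself: a small detector that parses native access.log entries like those quoted above and reports URLs that the proxy fetched from itself over loopback, along with the outside client that started the chain. The function names and the threshold are assumptions, and the fourth sample entry is constructed.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# First three entries are the ones quoted in the post (wrapped lines rejoined);
# the fourth is a constructed normal request for contrast.
SAMPLE_LOG = """\
891037287.992 122613 206.136.25.197 TCP_MISS/504 995 GET http://127.0.0.1/~jbarta/idiot/idiot.html - DIRECT/127.0.0.1 -
891037288.002 122502 127.0.0.1 TCP_MISS/504 241 GET http://127.0.0.1/~jbarta/idiot/idiot.html - DIRECT/127.0.0.1 -
891037288.002 122489 127.0.0.1 TCP_MISS/504 241 GET http://127.0.0.1/~jbarta/idiot/idiot.html - DIRECT/127.0.0.1 -
891037290.120 85 192.0.2.10 TCP_MISS/200 4312 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
"""

def is_loopback(host):
    """True for any 127.0.0.0/8 or ::1 literal, or the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def parse_line(line):
    """Split one native-format entry into the fields the detector needs."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or non-native line
    return {
        "client": f[2],
        "url": f[6],
        "host": urlsplit(f[6]).hostname or "",
        "peer": f[8].partition("/")[2],  # "DIRECT/127.0.0.1" -> "127.0.0.1"
    }

def find_loops(log_text, threshold=2):
    """Report URLs the proxy requested from itself at least `threshold` times."""
    self_fetches, triggers = Counter(), {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or not (is_loopback(e["host"]) or is_loopback(e["peer"])):
            continue
        if is_loopback(e["client"]):
            self_fetches[e["url"]] += 1  # the proxy was its own client
        else:
            triggers.setdefault(e["url"], set()).add(e["client"])
    return {url: {"self_fetches": n,
                  "external_clients": sorted(triggers.get(url, ()))}
            for url, n in self_fetches.items() if n >= threshold}

if __name__ == "__main__":
    for url, info in find_loops(SAMPLE_LOG).items():
        print(url, info)
```
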
